[EMAIL PROTECTED] said:
> we're evaluating different options for these virtual machines. for the
> vmware option there is a claim that the host doesn't need to have an IP
> address on a particular nic to allow a virtual machine to access things on
> that nic. if the host doesn't try to process the packet, but instead just
> hands it to the uml then odds are that any network based kernel
> vulnerabilities will happen in the uml as opposed to the host system
>
> it is also simpler to explain to management :-)

does the uml pcap network backend still work? that's more or less what
you're asking for.

What Paolo suggests (bridging tapN and ethN together in brN) is mostly the
same thing. You don't have to assign any IP on the host, just set up the
bridge. The host networking code (specifically, the bridge code) does see
the traffic in that case, but the exposure is limited to bridging itself.
It doesn't go into the IP code or any other protocol's unless you add those
protocols to the bridge.

> hmm, do the host eth0 and tap0 need to have an IP address? or could I get
> away with just the one IP address defined in the uml?

no, and yes.

>> The bad side is that each UML sees every packet the host sees.
>
> this isn't a problem, the host will not be doing anything at all on those
> networks except providing access for the uml to access it (the host will
> have another interface that it uses for administrative access)

if your goal is for the uml to see *every* packet, bridging doesn't do what
you want. linux bridging acts as a switch, and it won't forward packets
through to the uml if it knows that the dst mac is on the physical (ethN)
side of the bridge.

otoh, if you just want the uml to see the traffic associated with its mac,
bridging should work fine.

Jason
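
Added example, not part of the original message: a small Python model of the
switch behaviour described above, showing which frames arriving on the
physical side are actually handed to the UML's tap device. The port names,
MAC addresses and frame list are constructed sample values, and the model
leaves out details of the real Linux bridge such as entry ageing and
multicast handling.

```python
# Added illustration: minimal model of a learning bridge (switch) with two ports.
# Port names and MAC addresses below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}  # forwarding database: source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is forwarded to."""
        self.fdb[src] = in_port                      # learn where src lives
        if dst == BROADCAST or dst not in self.fdb:  # broadcast or unknown: flood
            return [p for p in self.ports if p != in_port]
        out = self.fdb[dst]
        return [] if out == in_port else [out]       # same segment: filtered


def uml_visibility(frames):
    """Replay (in_port, src, dst) frames; report per frame whether tap0 (the UML) got a copy."""
    br = LearningBridge(["eth1", "tap0"])
    return [("tap0" in br.receive(*f)) for f in frames]


# Constructed traffic: two hosts on the wire behind eth1, the UML behind tap0.
HOST_A, HOST_B, UML = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
FRAMES = [
    ("eth1", HOST_A, BROADCAST),  # broadcast: flooded, so the UML sees it
    ("eth1", HOST_B, HOST_A),     # A already learned on eth1: filtered
    ("eth1", HOST_A, HOST_B),     # B already learned on eth1: filtered
    ("tap0", UML, HOST_A),        # UML transmits; bridge learns UML on tap0
    ("eth1", HOST_A, UML),        # unicast to the UML's MAC: delivered
]

if __name__ == "__main__":
    for frame, seen in zip(FRAMES, uml_visibility(FRAMES)):
        print(frame, "-> UML sees it" if seen else "-> not forwarded to UML")
```

Traffic between hosts that the bridge has already learned on the physical
side never reaches tap0, so a UML used as a sensor for the whole segment
would miss it.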